I saw something related in this post below however a couple of items are not clear.
I’m using a logstash plugin to pull Azure NSG Flow logs from Azure storage accounts and then forward them to Graylog. Everytime the forward happens my Graylog server log is filled with:
2018-02-01T12:20:55.232-05:00 WARN [GelfCodec] GELF message <42bd8ec5-0774-11e8-ace9-000d3a18d769> (received from <172.18.4.17:50998>) is missing mandatory “host” field.
I tried adding a “Add static field” within the Graylog Input section but this seemed to make no difference and it’s not clear what Graylog is actually looking for and maybe I should us a different input type?
FYI, The Logstash Plugin information is below"